Yellowphoenix18
Vorarbeiter
Hallo und guten Abend,
habe mich heute daran gemacht meinen Mail-Server mit SSL zu verschlüsseln. Dazu habe ich auch alles eingerichtet, aber mein Dovecot-Server möchte nicht IMAP und POP3 verschlüsseln. Stelle ich die protocols nur auf imaps und pop3s, findet Thunderbird keine Verbindung, adde ich pop3 und imap, findet Thunderbird eine Verbindung, aber keine Verschlüsselung. Vlt. weiß einer von euch ja, wo hierbei das Problem liegt^^
Hoffe einer von euch weiß wo hier das Problem liegt
Mit freundlichen Grüßen Sebastian
habe mich heute daran gemacht meinen Mail-Server mit SSL zu verschlüsseln. Dazu habe ich auch alles eingerichtet, aber mein Dovecot-Server möchte nicht IMAP und POP3 verschlüsseln. Stelle ich die protocols nur auf imaps und pop3s, findet Thunderbird keine Verbindung, adde ich pop3 und imap, findet Thunderbird eine Verbindung, aber keine Verschlüsselung. Vlt. weiß einer von euch ja, wo hierbei das Problem liegt^^
Code:
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =
# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no
# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes
# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server
# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ
##
## Dictionary server settings
##
# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
auth_mechanisms = plain cram-md5 ntlm
log_timestamp = "%Y-%m-%d %H:%M:%S "
passdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
protocols = pop3 pop3s imap imaps
service auth {
unix_listener /var/spool/postfix/private/auth_dovecot {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
mode = 0600
user = vmail
}
user = root
}
userdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = oe-ns-eoh
# pop3_uidl_format = %v.%u
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
postmaster_address = admin@*******.de
}
Code:
##
## SSL settings
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/letsencrypt/live/<Mein Domain-Name>/fullchain.pem
ssl_key = </etc/letsencrypt/live/<Mein Domain-Name>/privkey.pem
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
#ssl_ca =
# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes
# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
# directory is usually /etc/ssl/certs in Debian-based systems and the file is
# /etc/pki/tls/cert.pem in RedHat-based systems.
#ssl_client_ca_dir =
#ssl_client_ca_file =
# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no
# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName
# DH parameters length to use.
#ssl_dh_parameters_length = 1024
# SSL protocols to use
ssl_protocols = !SSLv2 !SSLv3
# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =Hoffe einer von euch weiß wo hier das Problem liegt
Mit freundlichen Grüßen Sebastian
